Security and data safety

Payments, uploads, and customer data handled with clear guardrails

MagiBooking should feel trustworthy before a merchant connects Stripe or uploads customer records. The public security page explains what is checked, what is rejected, and what is logged.

Stripe handles card dataOnline payments are processed by Stripe. MagiBooking does not store client card numbers.
Safer file uploadsCSV, Excel, image, PDF, and text uploads follow strict type, size, header, and count rules.
Merchant audit trailUpload attempts record the actor, filename, size, pass/fail result, and reason when rejected.

Safe upload

Data import safety

Every upload path should use the same safe-upload gateway so rules are predictable for merchants and enforceable by the backend.

CSV / Excel import

.csv and .xlsx only, maximum 4MB, up to 500 rows per import.

Logo and brand images

png, jpg, jpeg, or webp only, maximum 3MB.

Support attachments

png, jpg, jpeg, webp, pdf, or txt only, maximum 8MB each, up to 5 files.

Backend checks

Size, extension, MIME type, file signature, empty file, row count, and file count.

High-risk files are rejected

.exe.js.html.svg.php.zip.docm.xlsm

Audit log fields

Merchant or userOriginal filenameFile sizePolicy nameAllowed or rejectedFailure reasonTimestamp